<?php
//首先要做权限判断，判断是不是管理员
session_start();
if (!isset($_SESSION['admin']) or $_SESSION['admin'] != 1) { //说明未登录
    echo "<script>alert('只有管理员才能访问本页面！');location.href='login.html';</script>";
    exit;
}
//程序到这里说明权限OK
if(!isset($_GET['admin']) or !isset($_GET['username'])){
    echo "<script>alert('参数错误！');history.back();</script>";
    exit;
}
$admin = $_GET['admin'];
$username = $_GET['username'];
include_once "conn.php";
$sql = "update userinfo set isAdmin = $admin where username = '$username'";
$result = mysqli_query($conn,$sql);
/*echo $sql;
echo mysqli_error($conn);
exit;*/
if($result){
    echo "<script>alert('设置成功！');location.href='admin.php';</script>";
}
else{
    echo "<script>alert('设置失败！');history.back();</script>";
}
?>